CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-8144

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.029

EPSS Ranking 85.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update

Products affected by CVE-2019-8144

Magento » Magento » Version: 2.3.0

cpe:2.3:a:magento:magento:2.3.0
Magento » Magento » Version: 2.3.1

cpe:2.3:a:magento:magento:2.3.1
Magento » Magento » Version: 2.3.2

cpe:2.3:a:magento:magento:2.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-8144

Products

Pricing

Contact Us